CTFd 3.7.4

CTFd 3.7.4 has been released with a security fix for a vulnerability where an attacker could perform a Denial of Service against a CTFd instance. CTFd v2.2.0 to v3.7.3 are affected. We recommend all CTFd users update their instance to v3.7.4. If…

CTFd 3.7.3

CTFd 3.7.3 has been released with a security fix for a vulnerability where an attacker could determine the names of accounts that had solved a challenge even though CTFd was configured to hide account information. v3.7.3 has already been deployed to Hosted CTFd customers. Self-hosted users…

CTFd 3.7.2

CTFd 3.7.2 has been released with a security fix for a vulnerability where an attacker could extract flags from CTFd provided that an admin interacted with a malicious page. To mitigate the above vulnerability, CTFd will no longer return 404s in paginated listing pages and API endpoints. For…

CTFd 3.7.0

CTFd 3.7.0 has been released with the introduction of scoring brackets and the social sharing system. We have also completely removed webpack from CTFd in favor of Vite.…

CTFd v3.6.0

CTFd v3.6.0 has been released with some highly requested features! This release has been long in the making with foundations being laid since the previous minor release. Significant changes have been made across many layers of CTFd to fulfill the headline feature which is Translations and Internalization (i18n)…

Introducing Tourist

Tourist is an HTTP API around Microsoft Playwright that lets us offload the work of browser interaction to a dedicated service. Instead of bundling the browser with every challenge, we can just make HTTP queries to a dedicated service from the challenge.…

CTFd v3.5.0

CTFd v3.5.0 has been released with a few nice to have features and a big overhaul of the core theme.…

CTFd v3.4.0

It's been about 3 months since the release of 3.3.0 and we've got a lot of features to talk about! Let's get the obvious out of the way, Hosted CTFd instances have already been upgraded to CTFd v3.4.0 and the…